You are in:
Civil Contingencies Act: safeguarding Britain or simply hot air?
While the Government’s Civil Contingencies Secretariat may be making positive noises about Britain’s preparedness for a variety of disasters – from an influenza pandemic to terrorist attack – the reality is somewhat different. With no clear direction or dedicated budget and a complete lack of Act-specific assessment, the majority of the local authorities and NHS Trusts in England & Wales have achieved little more than an effective ‘passing the buck’ exercise. If the Government is truly committed to protecting the nation, why are Ministers not using the powers provided by the Civil Contingencies Act to proactively monitor the true state of preparedness across the country? These are the very thoughts asked Graham Chick, Chief Executive, GemaTech...
In an increasingly risk aware environment, crisis management is an important component of strategic planning for organisations on the front line of public service delivery. And, according to a new survey from ALARM, the national forum for risk management in the public sector, risk management continues to grow in importance within local authorities. The survey revealed 78% of respondents say risk management is clearly embedded in strategic plans, while 81% say it is implicit in their financial planning.
However, while critical incidents and business continuity is one of the top five risks faced by local authorities, these figures also encompass plans for partnerships; not achieving objectives/targets; service delivery; and housing stock transfer. Despite the Civil Contingencies Act coming into force in 2004, there is a growing awareness across the public sector that business continuity planning may in fact fall short of public expectation.
Indeed, the Be Prepared report from local government user group SOCITM states that councils are missing opportunities to establish up to date disaster recovery plans for IT services. It also reveals a lack of communication between key emergency personnel as a major obstacle in business continuity.
The report is based on research from recent disasters that have hit local authorities, affecting their ICT service. It raises serious concerns as to whether councils understand the expectations of the Civil Contingencies Act and are sufficiently prepared to cope with serious threats to business continuity.
hot air ,/b>
So just what has been achieved in the two years since the Act came into force? Without doubt the Civil Contingencies Secretariat has been busy producing leaflets and attending meetings in a bid to disseminate good Business Continuity practice. Indeed, there is an extraordinary amount of information available regarding the possible threats and their potential impact.
But there is little indication that category one stakeholders, including local authorities, emergency services, health authorities and services, are meeting the demands of the Act: namely, to make risk assessments from time to time and develop and maintain business continuity plans.
According to the government, no organisation can afford to ignore the Civil Contingencies Act. And those category one and two organisations (including utility and telecoms companies) have specific responsibilities. Yet there are no specific requirements in the Act or the Regulations for local responders to monitor their own performance, according to supporting guidance provided in Emergency Preparedness. As a result, too many of the fundamental issues – such as planning the ICT strategy – are not being addressed.
Indeed, one of the key findings of SOCITM’s Be Prepared report is that in the event of a threat to business continuity it was difficult to contact key personnel. Not everyone knew the necessary mobile phone numbers or could use alternative communications equipment properly. Furthermore ICT disaster recovery plans had not been updated to include, for example, a newly opened contact centre.
flexible response
Such basic communication requirements underpin any emergency response. What will happen to public services when the phone network fails or a power cut takes out the organisation’s telephone switch/PBX or when a flu pandemic, fire, flood or gas leak keep staff away from the office? How will the public receive the critical services that are now predominantly delivered either online or via the telephone? And, critically, how will category one organisations communicate with each other as they continue to manage the emergency event?
Put simply, these public sector organisations need to put in place solutions that provide automated rerouting of calls to any number of alternative numbers and / or locations including alternative office locations, recovery sites, homes and mobiles to enable business as usual as far as possible.
But who, within the local authority, is responsible for delivering business continuity telecommunications strategy? Most telecoms departments, indeed, would claim to be covered in the event of a disaster – although experience, as revealed by SOCITM, would suggest otherwise.
no responsibility
Today, with responsibilities split between Emergency Planning Officers and Business Continuity Officers, few local authorities or health authorities have any valid plan in place to enable business as usual. And although some £20 million was initially made available to category one stakeholders, with no stipulation as to how the money was spent, many councils have utilised the resources elsewhere.
Those organisations that have implemented a plan are in a minority and have acted bravely and in isolation, opting to reallocate the required budget from other areas.
According to the Civil Contingencies Act: Emergency Preparedness, while the Act introduces a power for Ministers of the Crown to monitor the performance of the civil protection duties, the Government does not intend to use these monitoring powers on a regular basis.
Instead, the burden of responsibility falls to existing performance monitoring bodies: the Audit Commission, Healthcare Commission and Her Majesty’s Inspectorate of Constabulary. As a result, there appears little or no Civil Contingencies specific monitoring is actually being undertaken.
The National Audit Office insists the performance of Category 1 stakeholders is being assessed within existing performance frameworks, including the Audit Commission and Healthcare Commission, to ‘bring civil protection into the mainstream of activity and to make best use of the established performance assessment processes, experience and relationships already in place’.
But just how ‘mainstream’ is this assessment? Or is it simply a case of reallocating the task to organisations already overwhelmed by a raft of performance monitoring tasks? Given the investment demanded of these organisations to safeguard people and business across the UK, and the stated importance of the Act to ensuring country-wide preparedness, why are Ministers not leveraging the Act’s powers to attain information about actions taken by a Category 1 or 2 responder in the performance of duties?
delivering civil contingency
The Secretariat cannot continue with its strategy of information deluge alone. Councils need clear guidelines and directives, supported by targeted budget, to deliver specific components of the Civil Contingencies Act. And, like it or not, those components will include purchasing products – whether it is technology or vaccines.
By failing to ascertain the specific requirements and assess potential solutions, the Secretariat appears to be consciously side-stepping ultimate responsibility for ensuring compliance with the Act – and leaving those at the front line of service delivery to bear an extraordinary burden without the necessary support. The Civil Contingencies Act is not just about responding to a disaster, it is about putting in place the solutions that will enable corporate Britain to recover as fast as possible from a disaster, minimising the risk of plunging the country into financial chaos that would have far reaching effects.
The Civil Contingencies Act may have been created with the best intentions, but with no targeted and accountable funding and no explicit requirements, those tasked with delivering local services in the event of a disaster are effectively hamstrung. Unless the Secretariat faces up to the real challenges associated with meeting the demands of the Act, the country is in for a very nasty shock as and when disaster strikes.
